also I noticed that you are double encrypting the password and salting with a
random number in the 100,000 range, I would think that gives a 100,000 to 1 chance of it being the same when a
user tries to log on.... think about it.
EDIT: I just scanned your code again, there are a few mistakes, extra spaces, missing comma's ect,
you should read carefully through it making corrections as you go. Use a reference manual.

method POST - will send the contents of "fname" and "lname" to the script defined in action - its sent in a hidden method along with the headers of the request - an empty action will send the data back to the same page(still across the internet to the server). It is recieved in the $_POST array so are accessible via $_POST['fname'] and $_POST['lname'];

method GET - will send the variables in the url(address bar) "page.php?fname=blah&lname=blah". Its generally not as secure as the vars get stored in the users history etc. They are stored in the $_GET array on the recieving page and are accessible via $_GET['fname'] and $_GET['lname'];

Diafol mentioned it cause of course the script defined in action is what writes to the database